Please stop using your pet names as passwords

Good for snuggles, bad for security
Good for snuggles, bad for security (Image credit: Tuft & Needle)

The U.K.’s National Cyber Security Centre has issued a stark warning to people who use their pets' names as their passwords: Don't. 

The blog post, timed to coincide with National Pet Day this weekend, suggests that perhaps the name of a beloved animal might be a bit easy for hackers to guess, especially if you’re always posting cute pics of your favorite furry friends online. 

Apparently 15% of British people use their pets' names as their passwords for online accounts. Another 14% use family members’ names and 13% are securing their data with a password based on a memorable date. 

Surprisingly, for an agency using “cyber” in its name, the advice the NCSC gives is actually pretty decent. The NCSC says that you should use strong passwords for email, making sure each password is different from those for other accounts. The goal is to make sure that if anyone nabs your Netflix password, they can’t also access your email with that same key. 

The best advice revolves around password choice. You can get a secure password by picking three random words. Good passwords don’t have to be hard to remember or contain lots of special characters to be secure, although many sites force annoying characters on you, sadly. 

It would be far better to pick a password like “rex railway bone” than “rex1234&*%”. There’s no point explaining why that’s the case when Randall Munroe has already done a perfect job at XKCD. But in summary, long password phrases you can remember are better than short passwords that are nearly impossible to remember. 

Aside from pet names, the NCSC also laid out other usual faults. Around 6% of people use “password” somewhere in their password, or as the whole thing. This is frighteningly stupid, obviously. But then again, we’ve all gotten frustrated setting up yet another account online, so most of us are guilty of doing it at some point. 

The best advice is probably still to use a password manager and generator, like one from our best password managers roundup. Although the convenience of having them sync with the cloud is worthwhile, and those services are often secure and well-encrypted, having a locally stored version you back up to USB sticks is a safer bet. 

Also, please use two-factor authentication as well. Tools like Google Authenticator won’t rely on SMS or email codes to work, which can be great if someone manages to take over your phone account, which can and does happen. 

Ian has been involved in technology journalism since 2007, originally writing about AV hardware back when LCDs and plasma TVs were just gaining popularity. Nearly 15 years on, he remains as excited as ever about how tech can make your life better. Ian is the editor of but has also regularly contributed to Tom's Guide.